archive about

my vcsh setup

vcsh is a version control system for $HOME. This is how I've set it up.

I've come to rely a lot on vcsh lately. It's a Version Control System for $HOME based on git. It allows me to use git to manage my "dotfiles" (like .zshrc, .vimrc, etc.) but also any file I consider an important part of my $HOME setup. It also allows me to share this setup between multiple computers.

For example, I also manage my ~/bin/ directory with custom scripts I use a lot, ~/config/ where I keep configuration files (like my favorite Terminal.app configuration), a text file I call "recipies" where I paste interesting snippets of code I should always have handy, and ~config/Licenses/ where I keep licenses of applications I've purchesed.

vcsh allows you to split all these files in multiple repostitories and the documentation examples favor using separate repositories for zsh, gitconfigs, vim, etc. I would suggest you stick to one, unless you have a really good reason not to: For example, if some of the files are shared between more than one users --which would actually be a very interesting use case, say sharing an application configuration between members of a team. Anyway, I've sticked to one repo.

I also wanted to have a remote git repository that would allow me to sync my vcsh configurations between computers more easily, and also set up a new working environment with minimal effort. My first thought was Github, but I didn't want my whole setup to be public. So I tried Bitbucket: It had been some time since the last time I was there, and I have to admit they have improved the feel of their service a lot, plus they offer unlimited private repos even on the free plan (if you are looking for a place to host your project repositories, do have a look at what they offer).

In addition to using a private repository, I took some extra measures to protect some very sensitive information. I mean, a "private repo" is just a repo that the server asks for authentication before allowing access. The server admins, a hacker, or even someone that guessed/stole my password can see anything in it. So, I encrypt anything I consider sensitive using AES256, and I add to vcsh the encrypted versions (no diffs obviously, but I can live without them in this case).

# Encrypt and decrypt "file":
openssl aes-256-cbc -salt -in file -out file.aes
openssl aes-256-cbc -d -salt -in file.aes -out file

To make it even easier, I use the following script (located in~/bin/)

#! /usr/bin/env bash

# mycrypt.sh -e|-d <file>

ACTION=$1
SOURCE=$2

if [ "${ACTION}" == "" ] || [ "${SOURCE}" == "" ]; then
  echo "mycrypt.sh -e|-d <file>"
  exit 1
fi

if [ ! -f "${SOURCE}" ]; then
  echo $SOURCE is not a file.
  exit 1
fi
if [ "${ACTION}" == '-d' ]; then
  echo Decrypting $SOURCE...
  if [ ${SOURCE##*.} == 'aes' ] ; then
    TARGET=${SOURCE%.*}
    openssl aes-256-cbc -d -salt -in $SOURCE -out $TARGET
  else
    echo "Source file must have .aes extension."
    echo "Exiting."
    exit 1
  fi
elif [ "${ACTION}" == '-e' ]; then
  echo Encrypting $SOURCE
  openssl aes-256-cbc -salt -in $SOURCE -out $SOURCE.aes
else
  echo "mycrypt.sh -e|-d <file>"
fi

One last thing. I share my setup between Linux and OS X computers and some of the settings are different. I prefer to keep them both in one file and execute them depending on the value returned by uname. For example:

THISHOST=`uname`
echo $THISHOST

if [ $THISHOST = 'Darwin' ] ; then
        echo "OS X Section"
        # code for OS X goes here.
fi

if [ $THISHOST = 'Linux' ] ; then
        echo "Linux Section."
        # code for Linux goes here
fi

echo "Shared code."
# Shared code goes here.